Former TAS Employee Implicated in ID Theft Refund Scheme

There are bad seeds in any organization, and IRS is not exempt from that. Despite that reality, the news release that the Northern District of Alabama US Attorney’s office issued the other day is particularly disturbing because it highlights how one of the IRS’s own allegedly was involved in using her position at the Taxpayer Advocate Service to steal taxpayer identities and use that knowledge to facilitate the receipt of over a million dollars in bogus refunds.

The US Attorney’s Office announced that it indicted former TAS employee Nakeisha Hall and co-conspirators for  “their involvement in a 2008 to 2011 scheme operated out of Birmingham that involved stealing personal identity information from the Internal Revenue Service to create fraudulent tax returns and collecting the stolen refunds.”

We have written a few times about the scourge of identity theft in the past year, with excellent guest posts on the topic from former prosecutor Justin Gelfand and practitioner Rachael Rubenstein. This story, however, is particularly disturbing because Hall abused her position of trust in a way that can seriously undermine confidence in the tax system, and in particular given her position at TAS, which has a major role in helping taxpayers resolve identity theft issues.


The news release expands on that:

Taxpayers trust, and expect, that IRS employees, as a whole, will safeguard their most sensitive personal information. Taxpayers also must trust that IRS employees in the Taxpayer Advocate Service will not only protect their sensitive information but will actively assist them when it has been compromised by others,” [US Attorney] Vance said. “An IRS taxpayer advocate who exploits that trust, and with full knowledge of the significant impacts of identity theft, uses her IRS access to compromise taxpayers’ identities and steal a million dollars from the U.S. Treasury is committing a particularly egregious crime that will not go unpunished,”  Vance said.

The release detailed the scheme:

Hall obtained individuals’ names, birth dates and Social Security numbers through unauthorized access to IRS computers. Hall used the personal identity information to prepare fraudulent income tax returns and submitted them electronically to the IRS. Hall requested that the IRS pay the refunds onto debit cards and directed that the cards be mailed to drop addresses that she controlled. Hall solicited and received drop addresses from Goodman, Coleman and other co-conspirators, who also collected the refund cards from the mail.

Hall activated the cards by using stolen identity information. She, Goodman, Coleman and other co-conspirators took the money off the debit cards at ATMs or used the cards for purchases. If the fraudulent returns generated U.S. Treasury checks rather than the requested debit cards, Hall and her co-conspirators used fraudulent endorsements in order to cash the checks. Hall compensated Goodman, Coleman and other co-conspirators by giving them a portion of the refund money, or by giving them refund cards for their own use.

Parting Thoughts

No doubt the misdeeds of an IRS employee will draw much attention, and it should. As the US Attorney notes, it is particularly egregious when someone in a position of trust violates that trust. That has an impact not only on the public, but also on the morale of the many IRS employees that day in and day out try their best to help the public.

Identity theft is a major problem that exists independent of misdeeds of a rogue IRS employee. TAS on an individual case level and on a systemic level has been and continues to be a major force for good. For example, in reports and in testimony the National Taxpayer Advocate has detailed IRS’s administrative process errors and recommended “Congress establish a timeframe for the IRS to develop a strategy and timeline for accelerating third-party information report processing and providing taxpayers with electronic access to such data.” 2105 Testimony Before the House Committee on Oversight and Government Reform.

Recent PATH legislation accelerates the timeframe for the filing of information returns and mandates a delay in the payment of refunds attributable to refundable credits, actions consistent with those recommendations and reflective of how TAS continues to be a positive force in identifying problems and proposing solutions to tax administration problems.

There is still much to do in this area. This story is depressing and to the extent there are other problems within IRS and TAS one hopes that TIGTA and prosecutors chase down all of the bad actors. The problem though goes well beyond the bad actors, and Congress and IRS still have their hands full as we enter a new filing and identity theft season as well.


8:35 AM 12/31: Note: The story was updated to reflect that the indicted person is a former TAS employee


IRS Announces Procedures for Identity Theft Victims to Request Copies of Fraudulently Filed Tax Returns

Today we welcome back guest blogger Rachael E. Rubenstein who recently joined Strasburger Attorneys at Law in San Antonio, Texas after serving as the director of the low income taxpayer clinic at St. Mary’s law school. Rachael was a principal author of the Identity Theft chapter in the 6th Edition of Effectively Representing Your Client Before the IRS.  She writes today about the recent change in IRS policy that will allow victims of identity theft to see a redacted version of the return filed by the thief using the victim’s tax identifying information.  This is a much needed change that has been a long time coming.  Keith

On November 5, 2015, the Service announced instructions and information for taxpayers to request copies of fraudulent returns filed by identity thieves using their personal information.

For several years, victims and advocates (including TAS representatives, LITC clinicians, and private practitioners) have pushed for access to these returns. However, until last week, the Service did not permit its employees to provide victims of identity theft copies of tax returns filed under their SSNs due to concerns about section 6103 disclosure violations, despite clear guidance on the topic in 2012 from Chief Counsel. In May of this year, Senator Ayotte pressed Commissioner Koskinen on this issue. He responded with a letter stating that the Service decided to change its policy regarding disclosure of fraudulent returns and would develop procedures to enable victims to request and receive copies of these returns. In August, during a congressional hearing on Tax Related Identity Theft and Fraudulent Tax Returns, representatives from TAS and TIGTA specifically testified about this policy change and their desire for the Service to move forward with its plans to grant access to fraudulent returns. Although this news was long-awaited, the Service delivered on the Commissioner’s pledge.


The announcement states that copies of the current tax year and the previous six years are available. The instructions are fairly specific in terms of what a taxpayer, or authorized representative, must include along with the request. A chart covers what return information will be visible on the copy versus redacted. For example, the names of the taxpayer, spouse, and any dependents on the return will be redacted except for the first four letters of the last name. SSNs, ITINs, and EINs will also be redacted except for the last four digits. Additionally, phone numbers and bank numbers will be redacted expect for the last four digits. The entire address will be redacted minus the street name. The names and addresses of “other persons” or entities listed on the return will be completely redacted along with the numbers associated with the tax return preparer or third party designee.

The redactions appear appropriate in light of the disclosure statute and Chief Counsel guidance, although, arguably, the restrictions may go further than required under section 6103 with respect to “other persons,” namely return preparers. The instructions indicate that a request will be returned if the address listed does not match the requestor’s IRS address of record. There are certainly instances when a victim’s IRS address of record is changed due to no fault of his own. For example, the address of record may not be correct when the Service processes an identity theft return and does not receive a paper filed return from the true owner of the SSN for the same tax year. Taxpayers whose requests are rejected due to an address mismatch will be instructed to change their address of record by filing a Form 8822, Change of Address. The request may be resubmitted after the Service processes the address change.

During the initial phase of this new program, the Service will probably take longer than the reported 90 day average to effectively process and respond to requests for copies of fraudulent returns, as the volume is unpredictable and the cases complex. Undoubtedly many requestors will experience processing holds due to open identity theft issues, and a significant number of requests will likely be returned as a result of address mismatches or failure to follow the instructions. Nonetheless, in an era of perceived dysfunction in tax administration, it’s important to acknowledge when a positive policy change occurs through multifaceted advocacy efforts.

Proposed Legislation to Combat Identity Theft and Override Loving

We have written extensively on the separate but at times related issues of identity theft and refund fraud. Last week, for example, guest poster Rachael Rubenstein wrote an update on identity theft issues; the post generated spirited comments including one by Bob Kamman essentially suggesting that lots of the blame lies with Congress and the administrations for failing to step up and provide the means necessary for the IRS to step into the 21st century, unlike Bob’s example of  tax administration powerhouse Estonia. Senate Finance staffers gobbling up our posts and comments have sprung to action, with the Senate Finance Committee scheduling an open executive session tomorrow at 10 AM to mark up a bill designed to “prevent identity theft and refund fraud.”  (link to the session is here)

My ear is not to the DC ground but the bill has the bipartisan support of the Chair, Senator Hatch, and ranking Democrat Senator Wyden. A press release announcing the mark up is here; a description of the Chair’s mark up can be found here, and a summary can be found here.

Some of the key proposals in the legislation include requiring the IRS to reduce burdens on identity theft victims. The IRS would also be required to consider and report on measures it is taking to detect and combat identity theft and also study the possibility of allowing someone to file an affidavit blocking the e-filing of returns.

I have previously discussed how thieves take advantage of the IRS look-back compliance model and how earlier matching of information returns before issuing refunds is a crucial measure that can give the Service the means to stop the outflow of funds through identifying discrepancies. Importantly, the legislation includes a number of measures to give the IRS the power to move away from that model. For example, it would push up the filing of W-2, W-3 and 1099 MISC to 15 days after the due date for payee statements, as well as require the IRS to study the possibility of moving up deadline for other information returns. The bill also facilitates the means to get the IRS off its look-back model through requiring many small businesses to transition from paper W-2 and 1099 filing to e-filing and mandates that e-prepared returns that are paper filed have a scannable code allowing the IRS to process the return information more efficiently. Moreover, as the summary describes, the bill allows the IRS to access data in the National Directory of New Hires “for the sole purpose of identifying and preventing false or fraudulent tax return filings and claims for refund.”

There is more in here too, including an increase in penalties on preparers who improperly use taxpayer information and an override of Loving by giving Treasury authority regulate all aspects of tax practice, including paid tax return preparers. It also gives IRS the authority to revoke PTINs of preparers.

This legislation has the potential to be a game changer for tax administration. While the passage of the legislation is unlikely to be a walk in Lahemma perhaps the confluence of high profile cyber thefts and apparent bipartisan support will begin to tip the scales away from those who view the tax system as an open cookie jar.






Summer Updates: Identity Theft and Tax Administration

Today, we welcome back guest blogger, Rachael E. Rubenstein.  Rachael served as the principal author in the Identity Theft chapter in the recently published 6th Edition of Effectively Representing Your Client before the IRS.  So much has been happening in this area recently that we asked Rachael to bring us up to date and she has done so with a comprehensive post on this area over the past few months.  Rachael just moved from a teaching position at St. Mary’s Law School in San Antonio, Texas where she directed the low income taxpayer clinic to the firm of Strasburger & Price, LLP in the same city.  We appreciate her willingness to write extensively while in the midst of a practice move.  Keith

Tax-related identity theft was a hot topic this summer.  Since I last blogged about it in May, the NTA released her Fiscal Year 2016 Objectives Report to Congress, alerting us to an upswing in the number of open identity theft cases in IRS inventory; a written report was released containing details of the 2015 Security Summit held by Commissioner Koskinen; Senators Johnson, Warner, and Ayotte introduced the Social Security Identity Defense Act of 2015; and the Senate Budget Committee held a hearing, convened by Senator Ayotte, on Tax-Related Identity Theft and Fraudulent Returns.


My previous post optimistically noted that after almost a decade of annual increases, the volume of IRS identity theft incidents finally declined by roughly 42 percent in 2014 compared to its peak of 1,901,105 in 2013. Considering the attention and resources focused on this problem, the marked decline in 2014 showed promise.  Unfortunately, the NTA’s June report indicates that the number of open identity theft cases impacting taxpayers in IRS inventory (as of May 2015) swelled again to near May 2013 levels—up 69 percent from May 2014.

The NTA attributes the recent rise in open identity theft cases back to levels observed in 2013 to “the overreach of the TPP [Taxpayer Protection Program] filters and understaffing of the TPP phone lines.” The TPP is responsible for detection, evaluation, and prevention of improper refunds related to identity theft. During the 2015 filing season, TPP return processing filters identified 1,558,874 potentially fraudulent returns using 196 distinct filters that flag returns when certain characteristics are identified. The false positive rate was around 34 percent, meaning that a third of electronically filed tax returns that TPP stopped from posting to a particular account were filed by legitimate taxpayers who expected timely receipt of their tax refunds. These taxpayers received a TPP notice instructing them to call a particular phone number to resolve the issue; however, most that called during the peak of tax season in February were unable to get through at all to a live phone assistor. For those that did get through, there average wait time was between 20 minutes to over an hour.

Immediately after the May 2015 data breach scandal (which turned out to affect around 250,000 more taxpayers than initially reported), we learned that earlier in the Spring, Commissioner Koskinen convened key officials from state taxing authorities and the private tax industry together for a Security Summit to discuss the significant challenges facing tax administration as a result of tax-related identity theft, and potential coordinated strategies. It was widely reported that an agreement was reached among the participants “to form a public-private partnership committed to protecting the nation’s taxpayers and the tax system from IDT [identity theft] refund fraud.” In June, a 9 page report was released detailing the goals of each of the working groups formed from the Security Summit, outlining recommendations, listing existing proposals for congressional consideration, discussing next steps, and describing the participants. This partnership is certainly an innovative approach, and it will be interesting to see how this collaboration plays out.

The Social Security Identity Defense Act was introduced in May and is aimed at amending section 6103 to make it easier for victims of identity theft and law enforcement officials to receive information pertaining to tax-related incidents of identity theft from the FBI and DOJ. Although it is unlikely to be enacted, this bill has reignited discussion regarding the intersection of identity theft and section 6103 disclosure issues. For example—to what extent is the victim taxpayer entitled to information from the Service regarding the incident? Presently, under PMTA 2012-005, Chief Counsel takes the position that once an invalid return is submitted, it becomes the return information of both the true owner of the SSN and the identity thief because the information relates to the potential investigation of liability with respect to both parties. Therefore, the victim of identity theft should have a right to a copy of the bad tax return as long as disclosure would not impair federal tax administration.

In confirmed or suspected cases of identity theft, a taxpayer’s account is marked with various types of identity theft indictors. When such an indicator is present, taxpayers and their representatives may find it difficult to obtain copies of tax returns or related tax transcripts from the Service because employees are trained to safeguard taxpayer information protected by section 6103. Disclosure violations carry the threat of civil fines and even potential criminal charges. Despite Chief Counsel guidance indicting that the bad return is the return information of both the victim and the alleged identity thief, the IRM “instructs employees to not  to provide . . . copies of tax returns when identity theft indicators are present on the requestor’s account.” In May of 2015, Senator Ayotte wrote a letter to Commissioner Koskinen expressing her concern “with IRS’s refusal to provide tax identity theft victims with copies of the fraudulent returns filed in their names.” She referenced the 2012 Chief Counsel memorandum to support her complaint and request for the Service to change its non-disclosure practices. Commissioner Koskinen acquiescence in a written response issued later the same month and stated that the Service would develop procedures to allow victims of identity theft to request and receive (redacted) copies of tax returns filed under their SSNs.

The hearing held in August covered familiar and fairly bleak territory as well as some encouraging announcements about major programmatic changes regarding identity theft cases processing. A taxpayer testified about the bureaucratic nightmare she endured dealing with IRS and other agencies when her e-filed return was rejected because her deceased child’s SSN was used to file multiple fraudulent returns (it is worth noting that none of the fraudulent filings actually got passed IRS filters). Christopher Lee, TAS Senior Attorney Advisor; J. Russel George, TIGTA; and Commissioner Koskinen testified about the general state of refund-related identity theft—the broad consensus was that despite its many gains in terms of detection and prevention of refund-related identity theft, the Service still has a long way to go in order to get ahead of the overall identity theft crisis.

In addition to the jump in the number of incidents during the 2015 filing season, and the TPP false positive rate, lengthy delays in case processing and poor customer service are stubborn problems (although the situation is certainly not as bad as it once was in the early part of the decade). A study conducted by TAS of cases closed in 2014 found that 179 days was the average resolution time for an identity theft case from a taxpayer’s perspective. The Service’s slow progress towards improvement of case processing times is partly attributable to the increasing complexity of identity theft cases. Such cases require the involvement of multiple functions under the Service’s decentralized case management structure, which has been in operation for several years. The same 2014 TAS study found that approximately 30 percent of cases involve multiple issues.

TAS has repeatedly called for the Service to set-up “a sole point of contact system” for victims with complex identity theft cases. While the Service has announced its final phase of a plan to re-engineer its approach to victim assistance, moving towards a more centralized model, the prospects for adoption of this particular TAS recommendation appear dim. Commissioner Koskinen’s version of a “single point of contact” described during the hearing involves yet another specialized toll free phone line, as opposed to the TAS model of one designated employee to handle a particular victim’s case.

The Commissioner’s testimony reminded stakeholders that sophisticated cyber criminals present momentous challenges to the Service in an era of archaic IRS technological systems and strained financial resources. Still, he pledged that the Service is continuing to work diligently on efforts to combat identity theft, and he announced some specific plans for 2015-2016. One is the roll out of the Identity Theft Assistance organization, a consolidation of various identity theft programs into one division aimed at unifying the Service’s victim assistance and identity theft compliance activities. Another is an improved case resolution average of 120 days. Further, new protections for electronic filing, developed by the Security Summit working groups, were promised before the 2016 filing season.

The Service requested additional money for improved cyber security and revamped identity theft initiatives, which is reflected in the President’s FY 2016 Budget pending before congress. All tax administrators who testified at the hearing agree that the IRS needs more funding to address the identity theft epidemic. They also share the view that congress should take a more active role in enacting various legislative tools to assist the IRS in combating this pervasive problem.



Summary Opinions for the second half of May

Here is part two of the items from May we didn’t otherwise cover.  We’ll have the June items shortly, and then July.  Hopefully, I’ll get back on track for weekly summaries in the near future.

  • The Sixth Circuit in Ednacot v. Mesa Medical Group, PLLC affirmed the lower court tossing a physician assistant’s claim that an employer wrongfully withheld employment taxes.  The Court determined this was tantamount to a refund suit, which required the taxpayer to first file an administrative claim for refund with the IRS prior to bringing suit.  There seems to be a lengthy past between the parties in this case.  The petitioner brought up a valid seeming point that she did not know if the withholdings were paid to the IRS, and therefore wasn’t sure if the refund was appropriate, but the Court held that Section 7422 was designed to funnel these issues through the administrative process.
  • Couple interesting privilege cases recently, including the Pacific Management Group decision blogged by Joni Larson for us.  In a case that may have a somewhat chilling effect on making reasonable cause claims, the Tax Court has held that claiming reasonable cause to the substantial valuation misstatement penalty waived attorney client privilege and the work product doctrine for certain communications between the taxpayer and its lawyer and accountant.  See Eaton Corp. and Sub. v. Comm’r.  This holding was the affirming of a motion for reconsideration.  The Court found that although there was an objective determination under Section 6662(e)(3), whether relying on the advice on Section 482 was based on the facts and circumstances, including the advice of the lawyer.  By claiming reasonable cause, the privileges were waived for that issue.
  • Taxpayer was successful arguing against the substantial understatement penalty in Johnston v. Comm’r, but it was because the taxpayer didn’t actually owe the tax.  The IRS had argued that a debt between the taxpayer (an executive of a telcom company) and his company was discharged by his employer when he moved to a related entity.  There was credible evidence that it was not discharged and payment continued.  There was the pesky issue that the loan wasn’t paid until the IRS audited the individual, but the Court found that the audit prompted the company to do something with the loan and it hadn’t been tax avoidance…must have been persuasive testimony.
  • LAFA issued guidance on the effect on the limitations period on assessment for payroll tax when the wrong form is filed. (LAFA 20152101F).  Employers are generally required to file quarterly returns on Form 941 for employment taxes when they are paid in that period.  A different form, Form 944 is used for certain employers with little  employment tax liability, and that is required annually.  The statute generally runs from the date of the deemed filing of employment tax returns, which is April 15 the following year.  See Section 6501(a)&(b).  The LAFA reviews the following three situations:
  1. Employer is required to file Form 944, but instead timely files four quarterly Forms 941.

  2. Employer is required to file Form 944, but timely files Form 941 for the first and second quarters of the year instead, and files nothing for the third or fourth quarters of the year.

  3. Employer is required to file quarterly Forms 941, but timely files annual Form 944 instead.


The quick conclusions were:

  1.  Assuming the Forms 941 purport to be returns, are an honest and reasonable attempt to satisfy the filing requirements, are signed under penalty of perjury, and can be used to determine Employer’s annual FICA and income tax withholding tax liability, the Forms 941 meet the Beard formulation and should be treated as valid returns for purposes of starting the period of limitations on assessment.

  2.  An argument can be made that the Forms 941 for the first and second quarters of the tax year constitute valid returns under the Beard formulation since they purport to be returns and are signed under penalty of perjury. However, given that Employer’s FICA and income tax withholding tax liability for the third and fourth quarters will not necessarily be equal to that reported for the first two quarters, the Forms 941 arguably are not sufficient for purposes of the determining Employer’s annual FICA and income tax withholding tax liability and may not be honest and reasonable attempts to satisfy the tax law.

  3.  Assuming the Form 944 purports to be a return, is an honest and reasonable attempt to satisfy the filing requirements, can be used to determine Employer’s annual FICA and income tax withholding tax liability, and is signed under penalty of perjury, Employer’s Form 944 meets the Beard formulation and should be treated as a valid return for purposes of the period of limitations on assessment.

  • A taxpayer in a chapter 11 case, Francisco Rodriquez (not the current Brewers closer who pitched for the Mets before choking out his relative in the clubhouse) was successful in avoiding a lien under 11 USC 506 on property held by the taxpayer that was already underwater with three prior liens.  In re Rodriguez, 115 AFTR2d 2015-1750 (Bktcy D MD 2015).  Section 506 allows liens to be stripped if the property lacks equity, which was what the taxpayer was attempting.  SCOTUS in Dewsnup v. Timm held that  a chapter 7 debtor cannot “strip down” an allowed secured claim (clearly, I was not the debtor, otherwise SCOTUS would have tossed on some Its Raining Men, and granted my right to strip down—I only did it to pay for college, I swear—and yet, still so many student loans).  Various other cases have held that Dewnsup does not extend to other chapters in bankruptcy, and the District Court held that lien stripping was appropriate in chapter 11 under the taxpayer’s circumstances.
  • The Tenth Circuit continues its clear prejudice and hatred towards Canadians (I completely made that up and that link is NSFW) in Mabbett v. Comm’r, where it found the Tax Court properly tossed a petition as being untimely that was filed by a resident of the US, who was a Canadian citizen.  The Court found the Service had properly sent the stat notice to the taxpayer at her last known address (and even if that was not the case, her representative had forwarded her a copy well before the due date of the petition).  The taxpayer also claimed that she was entitled to the 150 day period to file her petition to the court under Section 6213(a) because she was a Canadian citizen.  The Court stated, however, that the statute was clear that the 150 day rule only applies when “the notice is addressed to a person outside the United States.”  The taxpayer had been traveling, and was Canadian, but failed to show she was outside of the United States at the time the notice was sent.
  • In case you haven’t seen, the Service has started a cybercrimes unit to combat stolen ID tax fraud.  In my mind, this is sort of like the IRS and Tron having a lovechild, which I would assume to look like this.  Jack Townsend has real coverage on his Federal Tax Crimes Blog.
  • Jack also has coverage of the new IRS FBAR penalty guidance, which can be found here


Reflections on the General State of Tax-related Identity Theft

We have previously discussed the challenges of identity theft in Procedurally Taxing, most recently in a guest post from former prosecutor Justine Gelfand. Today we return to the issue and welcome back guest blogger, Rachael Rubenstein, who is a Senior Tax Fellow at St. Mary’s School of LawRachael served as the principal author of the Identity Theft chapter in the 6th Edition of Effectively Representing Your Client before the IRS.”  Because of all of the changes in this area since the time of publishing the 5th Edition, she essentially had to write the chapter from scratch. She reflects here on recent issues concerning identity theft.  Her closing paragraph comparing the amount the IRS spends on data security compared to a large bank should give us all pause.  Keith

Recent news of a large scale data breach involving the IRS website here  here and here, and the announcement that the IRS plans to establish formal guidelines to allow victims of refund-related identity theft to gain access to copies of the fraudulently filed returns here, has refocused attention to the widespread issue of tax-related identity theft. As have reports during the filing season of suspicious tax return filings through TurboTax Software, which launched an ongoing FBI investigation here and  here. Coverage of this issue has inspired increased frustration and anger towards the IRS, an agency we all know is suffering from some serious PR problems. Last month my dad contacted me panicked because he learned a fraudulent tax return was filed under his Social Security Number (SSN). I told him what I tell many of my clients, “It will be ok. The problem will be fixed as long as you file the correct paperwork. The IRS has a lot of experience with this type of activity, although it will take several months to correct.”  Luckily my parents, unlike most clients, were not waiting on a large tax refund to supplement their income for the year. Still, the psychological and financial effects of this type of victimization are felt regardless of one’s tax bracket.


In terms of tax administration, identity theft is a relatively new phenomenon—emerging in the early 2000s along with the rise in e-filing. There are two types of tax-related identity theft: refund-related and employment-related. The latter occurs when an individual uses the SSN of another in order to gain employment, which often causes IRS problems because of the wages earned and reported by employers under the wrong SSN.  Most attention and resources are focused on refund-related, which involves the use of stolen personal data to obtain improper refunds causing economic damage to individual taxpayers and the treasury. IRS figures estimate the cost of undetected refund-related identity theft at approximately $5 billion a year. Until tax year 2013, the numbers of taxpayers affected by (broadly defined) tax-related identity theft each year rose at an alarming rate. According to a 2013 TIGTA report here in calendar year 2010, there were roughly 440,581 IRS identity theft incidents compared to 1,901,105 in 2013.

From 2004 to 2013, the NTA identified tax-related identity theft as one of the “‘Most Serious Problems” faced by taxpayers in nearly every annual report submitted to Congress here. In addition to the various audits TIGTA conducts each year on the Service’s information security programs, TIGTA has aggressively audited IRS handling of identity theft and its ongoing efforts to stop it before a taxpayer is victimized. At the beginning of the decade refund-related identity theft overwhelmed the IRS. Victim taxpayers generally waited over a year to receive their refunds and, often, had to submit numerous copies of the same evidence to IRS in order to resolve their cases. A review of TIGTA and TAS reports shows that the peak of lost revenue and the length of case processing for victims occurred in 2010 through 2012. The volume of actual incidents (both employment and refund-related) was the highest in 2013 and, finally, declined by roughly 42% by the end of 2014 here. Since 2012, the IRS has made combating identity theft a top priority and steady progress has been made on both prevention and victim services. The IRS used a variety of methods to attack the problem, including: novel technology detection and prevention models,  increased criminal investigations/prosecutions, increased cooperation with the private sector, redevelopment of case processing procedures, expansion of programs to assist victims, and added personnel dedicated to handling identity theft cases. In April 2015, the most recent TIGTA audit on refund-related identity theft here reported $22–24 billion of fraudulent tax refunds were prevented during the 2013 filing season. Still, around $5.75 billion was lost as a result of this crime during the same period. These figures are based on IRS estimates, which generally capture higher figures than TIGTA audits. Most practitioners who regularly work these cases will tell you that processing times have improved (down to a not so impressive average of 6–8 months), and IRS employees are better equipped to handle identity theft claims. The darkest days of tax-related may have already passed, although vulnerabilities in IRS information technology programs could certainly turn the tide.

May’s data breach represented a shift in sophistication by identity thieves. Instead of using personal data stolen from external sources to steal refund money by e-filing fraudulent tax returns, hackers used a hybrid theft model. First, previously stolen information such as names, dates of birth, and addresses, were used to access the “Get a Transcript” feature on the IRS website. This tool was launched in January of 2014 to streamline taxpayer requests for prior year tax transcripts—reducing IRS call volume and providing instant data to the requestor. By accessing these transcripts, cyber-attackers obtained specific details about their victims filing histories. Such information was used (or planned to be used) to circumvent the Service’s return processing identity theft detection filters. It’s worth noting that the IRS has approximately 144 such filters. In his June 2nd testimony before the Senate Finance Committee on this incident here, Commissioner Koskinen stated the Service’s cyber security team detected suspicious activity on the “Get a Transcript” application in mid-May and shut down the feature on May 21st. IRS investigation revealed that roughly 100,000 taxpayer accounts were affected, resulting in around 13,000 suspect tax returns filed. About $39 million in fraudulent refunds were paid out. Another 23,500 returns from these compromised accounts were stopped by IRS fraud filters.

Shifting blame to the IRS for this cyber attack is easy. Much of the agency’s information technology systems are antiquated and known vulnerabilities continue to exist (detailed in TIGTA’s June 2nd written testimony here). Any time there is a high profile problem identified in tax administration, we hear a familiar parade of horribles launched at the agency. This massive disclosure violation merits a more thoughtful response. Indeed, last week IRS announced a formal agreement to work collaboratively with state tax administrators and leaders of the private electronic tax industry. Details of the agreement were developed after Koskinen convened a Security Summit with IRS representatives and these external stakeholders on March 19th, and include new initiatives in the areas of taxpayer authentication; fraud identification; information sharing/assessment; cybersecurity framework; and taxpayer awareness and communication here. These coordinated efforts sound promising but there is a missing player in this partnership to fight back against tax-related identity theft.

Since 2011, at least a dozen congressional hearings on this topic were held, yet no meaningful legislation has emerged to combat tax-related identity theft. The well-treaded path of investigation, condemnation, cost cutting, and added responsibilities will not suffice—legislative solutions are needed. Koskinen mentioned several in the June 2nd hearing: approval of the President’s FY 2016 Budget request (“with $101 million specifically devoted to identity theft and refund fraud, plus $188 million for critical information technology infrastructure”); passage of legislation to “accelerate information return filing deadlines” for improved detection of fraudulent filings during tax season; and criminal and civil penalty deterrence statutes. On June 4th, Senate Finance Committee Chairman, Orrin Hatch, and Ranking Member, Ron Wyden, released a statement outlining the Committee’s work on this issue here. Legislation introduced by Senator Marco Rubio in March of 2015 here aimed at curtailing tax-related identity theft may also merit consideration. Lawmakers should act to implement legislation and better safeguard the public fisc from this pervasive crime.

*In 2014, JP Morgan Chase spent $250 million on cyber security and still experienced a large scale data breach here. In comparison, the IRS spent around $141.5 million on cyber security in the same year here.

Most Recent IRS International Hacking Reveals Vulnerability

As I discussed in yesterday’s post on proposals to expand the EITC, identity theft is a growing problem for IRS and the economy overall. In today’s guest post we hear from Justin Gelfand.  

Justin is a former federal prosecutor who is currently in private practice at the Capes Sokol Goodman and Sarachan law firm in in St. Louis, Missouri.  In 2013, Gelfand received the Attorney General’s Award for Fraud Prevention for his work on stolen identity tax refund fraud.  Justin has both prosecuted and defended criminal tax cases in districts throughout the United States. I heard Justin’s thoughtful presentation on the topic of identity theft at the recent ABA Tax Section meeting and asked him if he would share his views with our readers. Justin intends to discuss this growing problem and his ideas regarding solutions in greater detail in future posts. Les

According to national reports, hackers allegedly stole the personal data of approximately 100,000 taxpayers from the IRS’s computer system.  The most recent investigative report from CNN reveals the IRS believes the cyber-attack has links to Russia.  In the coming days, weeks and months, federal law enforcement will no doubt do everything it can to detect who is behind this alleged cybercrime and, if possible, to bring charges against those allegedly responsible.

As the IRS continues to combat stolen identity tax refund fraud, an epidemic that costs the Government more than $5 billion per year, the significance of this cyber-attack cannot be overstated: it is game-changing.  At a minimum, if the latest news coverage is accurate, it is crystal clear that international hackers successfully infiltrated the IRS’s computer system to steal legally-protected and extremely sensitive taxpayer information.  This information must inevitably threaten the IRS’s filters in place to detect fraudulent tax returns filed in the names of stolen identities.  After all, if the IRS is looking at a taxpayer’s prior tax returns, the hackers now have that information.


The IRS’s response: “We’re confident that these are not amateurs,” IRS Commissioner John Koskinen said.  “These actually are organized crime syndicates that not only we but everybody in the financial industry are dealing with.”

The IRS’s response is fair in some respects – cybercriminals have perpetrated attacks against large retail stores and small businesses.  But the difference between the IRS’s identity theft epidemic and the private sector is that no other private company or government agency continues to lose more than $5 billion year after year to the same crime.  That the IRS’s data security systems did not shield the agency – and taxpayers – from an international hack of this caliber is as frightening as it is reflective of the fact that the agency’s systems are simply vulnerable.  What Commissioner Koskinen should understand is that if a large bank were losing billions of dollars year after year to the same brand of fraud, the bank would do something about it to stop the bleeding.

Perhaps more than anything else, this cyber-attack reveals that stolen identity tax refund fraud is not a problem the Government can prosecute its way out of.  Resources are limited and the IRS should spend every last dime on making it harder to steal money from the Treasury by improving filters, enhancing its data security systems, and protecting taxpayers from becoming victims of identity theft – not on seeking long prison sentences for the less sophisticated identity thieves the Government can actually catch.  If resources are the issue, the IRS should ask Congress to reallocate funding to cyber-infrastructure improvements and retain a company like Google to help.

Ultimately, this may be an embarrassment to the IRS – but perhaps it can also be the beginning of improved technology, improved policies and procedures, and improved perspectives on how to combat the identity theft tax fraud epidemic.

Editor Update: TIGTA released a report today called Efforts Are Resulting in the Improved Identification of Fraudulent Tax Returns Involving Identity Theft. It discusses IRS efforts to combat identity theft.

From its press release:

TIGTA recommended that the IRS continue to evaluate clustering filters to ensure that they properly identify tax returns with multiple uses of addresses and/or bank accounts; expand identity theft filters to address filing patterns that may indicate that a tax return is related to identity theft; and outline specific actions and time frames for implementation of a process to deactivate ITINs assigned prior to Jan. 1, 2013, including ITINs assigned to individuals who are now deceased.


Warren Buffet Calls for Expanding EITC: Tax Administration Impact Highlights There is No Free Lunch

This post originally appeared in the Forbes PT site on May 26, 2015.

One of the hot button political issues of the day is income inequality. The stagnation of low-income workers’ wages has focused attention on policies to offset that, such as possibly raising the minimum wage or boosting tax benefits. Last week, Warren Buffet in an Op-Ed piece in the Wall Street Journal chimed in, first situating inequality in today’s economy:

That mismatch is neither the fault of the market system nor the fault of the disadvantaged individuals. It is simply a consequence of an economic engine that constantly requires more high-order talents while reducing the need for commodity-like tasks.

He then offers his views that a better approach to inequality is to increase the EITC rather than boost the minimum wage:

The better answer is a major and carefully crafted expansion of the Earned Income Tax Credit (EITC), which currently goes to millions of low-income workers. Payments to eligible workers diminish as their earnings increase. But there is no disincentive effect: A gain in wages always produces a gain in overall income. The process is simple: You file a tax return, and the government sends you a check.

In essence, the EITC rewards work and provides an incentive for workers to improve their skills. Equally important, it does not distort market forces, thereby maximizing employment.

As this is not a macroeconomics policy blog, I leave it to others to discuss the causes costs and possible solutions to the inequality Mr. Buffet speaks of.

This is, however, a tax procedure and administration blog, and much of what Mr. Buffet says, as well as some of the response it has drawn, sweeps in issues of tax administration. I will discuss some of those issues in this post, including overclaims, identity theft and program participation.


Error, Fraud and Identity Theft

First, in couching support for expanding EITC, Mr. Buffet does note some issues with EITC, most of which relate to the IRS’s administering the program.

He discusses how “[f]raud is a big problem; penalties for it should be stiffened.”

While there is no doubt that EITC suffers from a considerable overclaim rate (I discussed recent data on EITC overclaims in IRS Issues New Report on EITC Overclaims) the statement may lead some to believe that the overclaims are all attributable to fraud; GAO and others looking at the EITC overclaim issue identify multiple sources of noncompliance; only one is fraud. Moreover, as my fellow Forbes contributors Kelly Erb and Janet Novack note there are already in place some of the most draconian penalties on the books for fraudster EITC claimants, including a 10-year ban on fraudulent claims, a penalty I have discussed in the past year in The Ban on Claiming the EITC: A Problematic Penalty. EITC fraud penalties will do little to address the underlying compliance issues.

As a practical matter, it is hard to push for expanding the EITC when IRS has a hard time relative to other transfer programs in stopping erroneous claims. For example, my Forbes colleague Janet Novack states,

Its already substantial size–as much as $6,242 for parents with three or more qualifying children and $5,548 for those with two kids–combined with pressure for the Internal Revenue Service to administer the credit on the cheap, has set off a tsunami of identity theft tax fraud that has swamped both the IRS and some of the very workers the EITC is supposed to help.

Janet (looking to Keith’s Senate testimony from this spring) suggests that Congress should get the IRS tax administration house in order through adequately funding IRS, regulating preparers and accelerating the reporting of information returns to give the IRS a fighting chance to administer the program.

Many articles focus on EITC error costs without considering the program’s reduced direct administrative costs; Janet’s post also sensibly compares the differences across programs, noting that IRS spends only about 1% to administer the EITC. I offer some more on this issue. EITC given lack of upfront eligibility administrative mechanisms is much cheaper to administer than other transfer programs such as TANF and SNAP (food stamps). Congressional testimony this year from the NTA (at page 26) lays this out nicely.

I couId not agree more that if Congress asks IRS to do more in terms of delivering benefits through expanding the EITC it needs to give the agency the tools to do the job right. A major part of the allure of having IRS in the mix is the low administrative costs Yet that figure is misleading, as Janet notes (also referring to Keith), we are just pushing costs on other parties, including the claimants who struggle in the audit process and all of us as IRS is pressured to audit EITC claimants at perhaps a far higher rate than it should given that most of the individual tax gap stems from the underreporting of income among self-employed taxpayers.

How does identity theft fit in with this? As to identity theft, it is a huge problem for the tax system. Yet, identity theft is a problem that is quite different from the EITC compliance problem. Only a small amount of EITC overclaims is due to identity theft; the overwhelming majority of EITC error is due to the misclaiming of qualifying children who do not reside with the claimant.

[Update: Since posting this story yesterday IRS revealed that it was subject to a major breach that allowed data thieves access to tax return information of over 100,000 people. The breach led to IRS sending over  $50 million in fraudulent refunds before it detected the problem. The news highlights the challenges that identity theft presents to the tax system (and our economy overall).]

We are going to run posts discussing identity theft in greater detail, but for now I note that the identity theft problem is mainly due to IRS issuing refunds before it has access to third party documentation that would allow it to prevent issuing refunds to the wrong person. From the 2015 GAO report Additional Actions Could Help the IRS Combat the Large Evolving Threat of Refund Fraud:

[Fraudulent Identity Theft] refund fraud takes advantage of IRS’s “look-back” compliance model. Under this model, rather than holding refunds until completing all compliance checks, IRS issues refunds after conducting selected reviews. While there are no simple solutions, one option is earlier matching of employer-reported wage information to taxpayers’ returns before issuing refunds. IRS currently cannot do such matching because employers’ wage data (from Form W-2s) are not available until months after IRS issues most refunds. Consequently, IRS begins matching employer-reported W-2 data to tax returns in July, following the tax season. If IRS had access to W-2 data earlier—through accelerated W-2 deadlines and increased electronic filing of W-2s—it could conduct pre-refund matching and identify discrepancies to prevent the issuance of billions in fraudulent refunds.

EITC errors mainly relate to the misclaiming of qualifying children, and in particular their residence. To claim an EITC with children, claimants need not only the taxpayer’s SS# but also the children’s numbers. That makes most EITC claims more difficult for identity fraudsters. Moreover, IRS filters addressing possible EITC errors add another layer of defenses making it less likely for identity fraudsters to get their illicit refunds.

There are administrative and legislative tools available to combat identity theft, including changing the time which IRS issues refunds or accelerating the filing of third party data. No doubt that the possibility of credit driven refunds attracts identity fraudsters to our tax system, but dummying up tax returns with phony withholding amounts that take advantage of the IRS’s lack of early access to information returns is the main tool of the identity theft fraudster.

Whether Congress expands EITC or not, the identity theft problem will persist and get worse, unless Congress and IRS take actions to reverse its look back compliance model.

Participation and Filing

In Buffet’s piece in the WSJ, he also discusses how “[t]here should be widespread publicity that workers can receive free and convenient filing help.”

The statement brings attention to one challenging aspect of housing a benefits’ program in the tax system. Benefits’ programs in other areas tend to have an application process that revolves on a greater ex ante review process through the form of case workers and government bureaucrats reviewing eligibility before doling out benefits. The tax system essentially has assumed (with safeguards like document matching and the threat of audit) that taxpayers on their own or increasingly through assistance like software or commercial preparers are accurately preparing their eligibility statements in the form of tax returns.

The tax system’s approach has substantial costs, one of which is that claimants often have to pay third parties to get their claims (tax returns) in; the market has stepped in in the form of software and commercial preparers, both of which are major players in the tax administration landscape. The issue of return prep costs warrants a separate post but suffice to say claimants often pay dearly to get access to their refunds. For example, the National Consumer Law Center earlier this year released its annual study on preparation and related costs. It looks at EITC and goes through the various charges in addition to return preparation charges. As to the specific charges for return preparation (separate from ancillary fees, like fees for quicker access to cash from the refund, which in the last filing season to over $424 million) the report notes that mystery shopper testing has documented preparation fees up to $400 or $500 per return. The GAO in an April 2014 study found that the fees charged for tax preparation varied widely, even between offices affiliated with the same chain.

Despite the costs, there is, however, access to free income tax return filing. IRS through its Free File program makes free filing available to taxpayers with incomes below $60,000, but the take up on that has not been stellar and some have criticized its approach of opening up claimants to other fees. Likewise, VITA prep centers are available to help claimants prepare returns for free. All else being equal it would be better if more claimants could access their refunds without having to pay for the privilege of getting their benefits.

Despite many paying prep fees and other costs one of the aspects of the EITC thought of as a positive is its high take up rate. Yet some of the criticism of Mr. Buffet’s plan also focuses on that there is only an about 80% participation rate, As my Forbes colleague Kelly Erb notes, “[t]he IRS estimates that only four of five eligible taxpayers take advantage of the existing credit: nearly 20% eligible taxpayers either don’t know about it or simply don’t take advantage.”

Yet, in looking at other transfer programs, 80% participation is not bad at all and is roughly consistent with SNAP (food stamps) and much higher than TANF, which is well below 50%. But when you look at the EITC numbers more closely, the 80% figures are misleading because the participation rates are very sensitive to the amount potentially on the table for EITC claimants, i.e., the take up rates are much higher when taking into account the dollar amount of EITC eligible. For example, in a study published in the IRS 2009 research conference looking at 2005 tax year data, EITC participation rate was 88% when refunds were over $3,000 and about 90% when refunds approached $4,000 (see page 1982).

In other words, for the people whom Congress intends to benefit the most, the EITC participation rates are higher than just about any other transfer program.

One other point weaves in the themes of identity theft and participation. In Janet Novack’s post she discusses Forbes contributor Laura Shin’s reporting about a low-wage McDonald’s worker who decided against filing a tax return claiming thousands in EITC due to her being an identity theft victim. This suggests that prior victimization will chill people from claiming an EITC. IRS actually has in place procedures to facilitate victims to file current year returns, including getting a secure Identity Protection PIN. I am not aware of research suggesting that identity theft is a major barrier for eligible claimants from participating in claiming EITC, but no doubt that prior victimization may contribute to eligible claimants being wary about spending money and time on return preparation costs.

Some Parting Thoughts

As Mr. Buffet knows, there is no such thing as a free lunch. Using the tax system to deliver benefits is no silver bullet when it comes to addressing inequality. To administer the tax system as we know it today is no easy task. When Congress asks the IRS to do more, there are costs to taxpayers and the system overall. As Congress considers whether to ratchet up EITC, it should do so with the absence of rhetoric. It should also consider the tools it wants to give IRS to combat errors as well as address what costs it wants to impose on claimants and third parties. The current system passes costs on others, many of which are hidden. As with lunch, someone has to pick up the tab.